FS#60077 - [isync] backport commit to fix google SMTP with TLS 1.3

Attached to Project: Community Packages
Opened by Eli Schwartz (eschwartz) - Sunday, 16 September 2018, 14:03 GMT
Last edited by Jonathan Steel (jsteel) - Monday, 17 September 2018, 07:34 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Jonathan Steel (jsteel)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 6
Private No

Details

openssl 1.1.1 automatically adds support for TLS 1.3 which causes some servers, like Google's SMTP servers, to provide invalid self-signed certificates if the client does not send the SNI.

See:
https://wiki.openssl.org/index.php/TLS1.3#Server_Name_Indication
https://mta.openssl.org/pipermail/openssl-project/2018-April/000623.html
https://bbs.archlinux.org/viewtopic.php?id=240429

Similar bugs for other software:  FS#60038   FS#60059   FS#60078 

The fix is to backport commit https://sourceforge.net/p/isync/isync/ci/17babc1695e82ca80d032b79e920fcb86ede2347/
This task depends upon

Closed by  Jonathan Steel (jsteel)
Monday, 17 September 2018, 07:34 GMT
Reason for closing:  Implemented
Comment by Adrian (adirat) - Sunday, 16 September 2018, 23:38 GMT
There's no need to backport the commit: It's already present in the 1.3 branch upstream.

The only thing needed is a rebuild of this package with the latest 1.3 changes.
Comment by Eli Schwartz (eschwartz) - Monday, 17 September 2018, 00:47 GMT
That's not how software development or packaging works -- the 1.3 branch is not the 1.3.0 release.

Loading...